Application Security Engineer


Clientsolv Technologies

Englewood, CO, US, 80110

Contractor

18 April 2024

Company Description

ClientSolv Technologies is an IT solution firm with over a decade of experience serving Fortune 1000 companies, the public sector, and small to medium-sized companies. ClientSolv Technologies is a woman-owned and operated company that is certified as a WMBE, 8a firm by the Federal government's Small Business Administration.

Job Description

The Application Security Engineer will support the organization’s efforts to identify and remediate application security risks, evangelize security best practices, and help educate the larger engineering team on security fundamentals. You will work with various teams (Software, Architecture, DevOps, Quality, and more) to support security at all stages of the software development life cycle.

 Additional Responsibilities

  1. Analyze user requirements to develop secure software design and architectural requirements.
  2. Assist in supporting the software developed by the Sling IT engineering group.
  3. Create and maintain documentation describing system architecture and security controls.
  4. Provide hands-on, code-level help to the engineering team to mitigate discovered vulnerabilities in a timely manner.
  5. Review static analysis results and provide remediation guidance when needed.
  6. Define Sling-specific security best practices and integrate them with our coding standards library and application playbooks.
  7. Work with the larger IT Security group to help support their initiatives within the Sling IT organization.
  8. Build security scanning and validation into our automated pipelines to help drive a DevOps to DevSecOps transformation across the engineering team.

Skills - Experience and Requirements

Qualifications

A successful Security Engineer will have the following:

  • 5+ years of professional software development experience. Experience with Node.js, Java and/or Spring is preferred.
  • 5+ years of application security and secure coding experience in large scale environments.
  • Thorough understanding of the OWASP Top 10 and SANS / CWE Top 25 coding standards.
  • Significant experience with securing and integrating with cloud-based managed services.
  • Proven ability to improve security posture in existing legacy applications as well as define greenfield application security strategies.
  • Experience developing or supporting internet-facing web applications or services.
  • Solid understanding of security concepts and secure coding techniques.
  • Experience using static analysis tools such as WhiteHat, Fortify or CheckMarx.
  • Ability to align and/or prioritize security goals with business goals.
  • BS/MS in Computer Science (or equivalent experience)
  • Technical aptitude and critical thinking skills, the ability to come up with creative outside-of-the-box solutions.
  • Strong written and verbal communication skills – including the ability to translate the impact of complex security risks/concerns to the senior IT executive leadership team.
  • Understanding of US regulations and data-protection guidelines and standards.
  • Some leadership experience (getting projects/tasks done leading a small team)
  • CSSLP, CISSP, CISM or other relevant information security industry certification preferred.

Additional Information

Skills/Requirements

Essential:

  • 4+ years’ experience auditing and applying control processes to network, wireless and applications
  • Computer experience
  • Ability to apply knowledge by reading and interpreting regulations to formulate real world controls
  • Bachelor’s Degree in business or computer related field or equivalent experience

Desired Qualifications:

  • Experience in a fast-paced, ever-changing and growing environment
  • Experience with basic programming language

Your information will be kept confidential according to EEO guidelines.